CVE-2014-3004
Castor < 1.3.2 - XXE
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Ron Gutierrez · text · remote · multiple
https://www.exploit-db.com/exploits/39205
References (8)
Scores
EPSS
0.0363
EPSS Percentile
87.9%
Details
CWE
CWE-611
Status
published
Products (8)
castor/castor
0 · Maven
castor_project/castor
1.3
castor_project/castor
1.3.1
castor_project/castor
< 1.3.2
opensuse/opensuse
13.1
opensuse_project/opensuse
12.3
org.castor/castor
0 · Maven
org.codehaus.castor/castor
0 - 1.3.3 · Maven
Published
Jun 11, 2014
Tracked Since
Feb 18, 2026